# pro-ndax-page-login.webflow.io — MALICIOUS

> pro-ndax-page-login.webflow.io is a high-risk phishing site targeting your credentials. Avoid entering information and report suspicious activity immediately.

## Summary

PhishDestroy identifies pro-ndax-page-login.webflow.io as an active credential phishing domain designed to deceive users into divulging sensitive login information. Credential phishing remains a critical threat because it can lead to unauthorized account access, financial loss, and compromised personal data. This domain specifically mimics legitimate login pages, aiming to trick victims into submitting their credentials.

Analysis shows that the domain resolves to IP address 104.18.36.248, which is associated with web hosting services commonly used for legitimate and malicious purposes alike. The domain is hosted on the Webflow platform, a popular site builder that attackers exploit for phishing due to its ease of use and reputable infrastructure. Additionally, the domain appears on at least one security blocklist, and 18 out of 95 security vendors on VirusTotal have flagged it as suspicious or malicious. This technical evidence supports the classification of pro-ndax-page-login.webflow.io as a high-risk phishing threat.

Users are strongly advised to avoid interacting with this domain or submitting any personal information on it. If you have already entered credentials, immediately change your passwords on the legitimate service and enable multi-factor authentication to secure your account. Reporting this domain to your IT department or security provider can help prevent further victimization. Staying vigilant about URLs and verifying website authenticity remain key defenses against such credential phishing attempts.
## Threat Details

- Verdict: MALICIOUS
- Site status: alive (HTTP 200)
- Page title: NDAX® | Login: Canada’s Most Secure Crypto Exchange

## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 104.18.36.248
- Nameservers: NS_NOT_FOUND

## Detection Status

- VirusTotal: 19 vendors flagged
  - Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Emsisoft", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Gridinsoft", "Kaspersky", "LevelBlue", "Lionic", "Netcraft", "PREBYTES", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hit
  - Lists: ["OISD"]

## Evidence

- Screenshot: https://urlscan.io/screenshots/019d00db-708c-747d-850c-d4707c02fa4f.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/a32c1e0f-b5f2-486a-aed0-ea05c83b8fe0
- PhishDestroy: https://phishdestroy.io/domain/pro-ndax-page-login.webflow.io/
- LLM endpoint: https://phishdestroy.io/domain/pro-ndax-page-login.webflow.io/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/pro-ndax-page-login.webflow.io/

Last updated: 2026-03-19